[CERT-daily] Tageszusammenfassung - Donnerstag 5-03-2015

Daily end-of-shift report team at cert.at
Thu Mar 5 18:05:57 CET 2015


=======================
= End-of-Shift report =
=======================

Timeframe:   Mittwoch 04-03-2015 18:00 − Donnerstag 05-03-2015 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a



*** MICROSYS PROMOTIC Stack Buffer Overflow ***
---------------------------------------------
This advisory provides mitigation details for a stack-based buffer overflow vulnerability in the MICROSYS, spol. s r.o. PROMOTIC application.
---------------------------------------------
https://ics-cert.us-cert.gov//advisories/ICSA-15-062-01




*** Adobe Launches Web Application Vulnerability Disclosure Program on HackerOne ***
---------------------------------------------
In recognition of the important role that independent security researchers play in keeping Adobe customers safe, today Adobe launches a web application ..
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1179




*** SA-CONTRIB-2015-063 - Webform - Cross Site Scripting (XSS) ***
---------------------------------------------
The module doesn't sufficiently escape user data presented to administrative users in the webform results table. This issue affects the 7.x-4.x branch only. This vulnerability is mitigated by the fact that an attacker ..
---------------------------------------------
https://www.drupal.org/node/2445935




*** Cisco IOS XR Software Malformed RSVP Packet Denial of Service Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0657




*** Cisco Secure Access Control Server Default Tomcat Administration Interface Vulnerability ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2130




*** Toshiba Bluetooth Stack Untrusted Service Path Lets Local Users Gain System Privileges ***
---------------------------------------------
http://www.securitytracker.com/id/1031825




*** BIND DNSSEC Guide ***
---------------------------------------------
ISC has new documentation introducing DNSSEC, configuring BIND for common DNSSEC features, and basic DNSSEC troubleshooting. ISCs BIND DNSSEC Guide, co-written with DeepDive Networking, covers DNSSEC requirements, setting up a validating resolver, maintaining signed authoritative zones, and ..
---------------------------------------------
http://users.isc.org/~jreed/dnssec-guide/dnssec-guide.html




*** SANS ICS410 Vienna ***
---------------------------------------------
SANS presents the essential ICS/SCADA training course, ICS410 ICS Security Essentials. This specialist training event is running with the support of the International Atomic Energy Agency (IAEA) and follows the IAEAs International Conference on Computer Security in a Nuclear World which takes place the preceding week in Vienna.
---------------------------------------------
https://www.sans.org/event/ics410-vienna-with-iaea




*** Malware "Casper": Wie die Franzosen in Syrien spionieren ***
---------------------------------------------
Sicherheitsforscher analysieren Schadprogramm, das wohl von Frankreichs Geheimdiensten eingesetzt wird
---------------------------------------------
http://derstandard.at/2000012513213




*** Format Injection Vulnerability in Duo Security Web SDK ***
---------------------------------------------
Format Injection is not a new bug, but it was never described as a subclass of A1 Injection. You probably already hate me for giving it a name (at least I didn't create a logo!) but calling it an 'injection' is too general.
---------------------------------------------
http://sakurity.com/blog/2015/03/03/duo_format_injection.html




*** The State Of The Internet ***
---------------------------------------------
One great idea behind the internet is to connect devices from nearly every position on earth. Well, this idea sometimes has its drawbacks. In order to get an overview about devices that are actually connected, the University of ..
---------------------------------------------
https://splone.com/blog/2015/3/4/the-state-of-the-internet




*** Schutz vor Freak Attack: Diese Browser sind betroffen ***
---------------------------------------------
Der Freak-Angriff kompromittiert unzählige verschlüsselte Webseiten und Angreifer könnten sensible Daten ausspionieren. Ob man für die Attacke anfällig ist, hängt aber vom eingesetzten Betriebssystem, Webbrowser und der besuchten Internetseite ab. 
---------------------------------------------
http://heise.de/-2567655




*** OpenSSL Cookbook 2nd Edition released ***
---------------------------------------------
Today we're releasing the second edition of OpenSSL Cookbook, Feisty Ducks free OpenSSL book. This edition is a major update, with some improvements to the existing text and new content added. The new edition has about 95 pages, an increase of about 35 pages.
---------------------------------------------
http://blog.ivanristic.com/2015/03/openssl-cookbook-second-edition-released.html




*** Utilizing NLP To Detect APT in DNS ***
---------------------------------------------
Imagine that after a nice, relaxing long weekend, you come in to work Monday morning at your job at the bank. While waking up with a cup of coffee, you begin checking email. Among the usual messages, there's a message about a security update and you click it. Security updates are so common these days that it's ..
---------------------------------------------
https://labs.opendns.com/2015/03/05/nlp-apt-dns/




*** l+f: Abgelaufenes SSL-Zertifikat bei Visa ***
---------------------------------------------
Wenn der Browser beim Besuch von Visa.de einen Zertifikatswarnung anzeigt, kann ein Angriff im Gange sein – oder der Admin hat vergessen, wann das Zertifikat abläuft.
---------------------------------------------
http://heise.de/-2568054




*** VB2014 paper: Leaving our ZIP undone: how to abuse ZIP to deliver malware apps ***
---------------------------------------------
Gregory Panakkal explains there are different ways of looking at APK files - and that sometimes has unintended consequences.Since the close of the VB2014 conference in Seattle in October, we have been sharing VB2014 conference papers as well as video recordings of the presentations. Today, we ..
---------------------------------------------
http://www.virusbtn.com/blog/2015/03_05.xml




*** Domain Trusts: Why You Should Care ***
---------------------------------------------
Red teams have been abusing Windows domain trusts for years with great success, but the topic is still underrepresented in public infosec discussions. While the community has started to talk more about Active Directory ..
---------------------------------------------
http://www.harmj0y.net/blog/redteaming/domain-trusts-why-you-should-care/




*** Decoding ZeuS Disguised as an .RTF File ***
---------------------------------------------
While going through emails that were reported by our internal users using Reporter, I came across a particularly nasty looking phishing email that had a .doc attachment. At first when I detonated the sample in my VM, it seemed that the attackers weaponized the attachment incorrectly. ..
---------------------------------------------
http://phishme.com/decoding-zeus-disguised-as-an-rtf-file/






More information about the Daily mailing list